Lucene search

MitreCVE-2008-6909

HistoryAug 06, 2009 - 6:30 p.m.

CVE-2008-6909

2009-08-0618:30:00

CWE-310

mitre

web.nvd.nist.gov

cve-2008-6909

drupal

module

vulnerability

man-in-the-middle

remote attacks

data modification

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

57.4%

JSON

Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges.

Affected configurations

Nvd

Node

marc_ingramservicesMatch5.x-0.9

marc_ingramservicesMatch5.x-0.91

marc_ingramservicesMatch5.x-1.x-dev

marc_ingramservicesMatch6.x-0.9

marc_ingramservicesMatch6.x-0.11

marc_ingramservicesMatch6.x-0.12

marc_ingramservicesMatch6.x-1.x-dev

AND

drupaldrupal

VendorProductVersionCPE
marc_ingramservices5.x-0.9cpe:2.3:a:marc_ingram:services:5.x-0.9:*:*:*:*:*:*:*
marc_ingramservices5.x-0.91cpe:2.3:a:marc_ingram:services:5.x-0.91:*:*:*:*:*:*:*
marc_ingramservices5.x-1.x-devcpe:2.3:a:marc_ingram:services:5.x-1.x-dev:*:*:*:*:*:*:*
marc_ingramservices6.x-0.9cpe:2.3:a:marc_ingram:services:6.x-0.9:*:*:*:*:*:*:*
marc_ingramservices6.x-0.11cpe:2.3:a:marc_ingram:services:6.x-0.11:*:*:*:*:*:*:*
marc_ingramservices6.x-0.12cpe:2.3:a:marc_ingram:services:6.x-0.12:*:*:*:*:*:*:*
marc_ingramservices6.x-1.x-devcpe:2.3:a:marc_ingram:services:6.x-1.x-dev:*:*:*:*:*:*:*
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
marc_ingram	services	5.x-0.9	cpe:2.3:a:marc_ingram:services:5.x-0.9:::::::*
marc_ingram	services	5.x-0.91	cpe:2.3:a:marc_ingram:services:5.x-0.91:::::::*
marc_ingram	services	5.x-1.x-dev	cpe:2.3:a:marc_ingram:services:5.x-1.x-dev:::::::*
marc_ingram	services	6.x-0.9	cpe:2.3:a:marc_ingram:services:6.x-0.9:::::::*
marc_ingram	services	6.x-0.11	cpe:2.3:a:marc_ingram:services:6.x-0.11:::::::*
marc_ingram	services	6.x-0.12	cpe:2.3:a:marc_ingram:services:6.x-0.12:::::::*
marc_ingram	services	6.x-1.x-dev	cpe:2.3:a:marc_ingram:services:6.x-1.x-dev:::::::*
drupal	drupal	*	cpe:2.3:a:drupal:drupal::::::::

References

drupal.org/node/348295

osvdb.org/50743

www.securityfocus.com/bid/32894

exchange.xforce.ibmcloud.com/vulnerabilities/47458

exchange.xforce.ibmcloud.com/vulnerabilities/52438

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

57.4%

JSON

Related for CVE-2008-6909